09 December 20, 13:00
Quote:Researchers – as well as the U.S. Cybersecurity Infrastructure Security Agency (CISA) – are warning of a set of serious vulnerabilities affecting TCP/IP stacks. The flaws impact millions of internet-of-things (IoT) devices and embedded systems, including smart thermometers, smart plugs and printers.
The 33 vulnerabilities – four of which are critical – are dubbed Amnesia:33 by Forescout researchers who discovered them. They could enable a range of malicious attacks – from memory corruption to denial of service, and information leaks to remote code execution, Forescout researcher Daniel dos Santos said during this week’s Threatpost podcast.
“Exploiting these vulnerabilities could allow an attacker to take control of a device, thus using it as an entry point on a network (for internet-connected devices), as a pivot point for lateral movement, as a persistence point on the target network or as the final target of an attack,” Forescout researchers said in a Tuesday report.
The name “Amnesia:33” refers to the fact that most of the flaws stem from memory corruption – coupled with the fact that there are 33 flaws.
While researchers did not specify which vendors and specific devices were affected by the set of vulnerabilities, they said at least 150 vendors were affected. Many of the issues behind Amnesia:33 stem from bad software development practices, such as an absence of basic input validation, said researchers.
Read more: https://threatpost.com/amnesia33-tcp-ip-...es/161928/